Full Disclosure mailing list archives
[CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component
From: "flanker" <i () flanker017 me>
Date: Wed, 25 Sep 2019 21:52:55 +0800
[CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component Software: -------- Samsung Text-to-speech Engine System Component on Android Description: ---------- The Text-to-speech Engine (aka SamsungTTS) before 3.0.02.7/3.0.00.101 for Android allows a local attacker to escalate privilege, e.g., to system privilege. This issue is reported to & confirmed and patched by Samsung Mobile Security Rewards Program under case ID 101755. Patched version: ------------ - Android N,O or older : 3.0.00.101 - Android P : 3.0.02.7 Impact: ------- A successful local attack can obtain system privilege on vulnerable phones. Solution: --------- Update the TTS component via Galaxy AppStore to newest version or versions later than patched versions listed above. Credit: ------- Discovered by Qidan He (a.k.a Edward Flanker, @flanker_hqd). Detailed about this vulnerability will be released shortly after confirmation from Samsung Mobile for responsible disclosure. ------------------ Sincerely Qidan (a.k.a Flanker) Website: https://blog.flanker017.me _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component flanker (Sep 25)